author | Andy Polyakov <appro@openssl.org> | 2007-09-30 18:53:54 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2007-09-30 18:53:54 +0000 |
commit | 7432d073af97539e5a2c8b0f1ff254d6b53c9682 (patch) | |
tree | e9b5dc26f8cb6a250b9f3fc2c4366518b75930e2 | |
parent | 04e2ab2c02aebcfd3d6eab1ea6c0dbcaa9877cad (diff) | |
download | openssl-new-7432d073af97539e5a2c8b0f1ff254d6b53c9682.tar.gz |
Switch to RFC-compliant version encoding in DTLS.
-rw-r--r-- | ssl/d1_pkt.c | 2 | ||||
-rw-r--r-- | ssl/d1_srvr.c | 20 | ||||
-rw-r--r-- | ssl/dtls1.h | 4 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 7 |
4 files changed, 16 insertions, 17 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index bf189f11c3..8cde57509c 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -526,7 +526,7 @@ int dtls1_get_record(SSL *s) SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; - short version; + unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index d299ba618f..0cfcf99971 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -121,7 +121,6 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/md5.h> -#include <openssl/bn.h> #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif @@ -626,15 +625,16 @@ int dtls1_send_hello_verify_request(SSL *s) *(p++) = s->version & 0xFF; *(p++) = (unsigned char) s->d1->cookie_len; - if (s->ctx->app_gen_cookie_cb != NULL && - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) - { - SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); - return 0; - } - /* else the cookie is assumed to have - * been initialized by the application */ + + if (s->ctx->app_gen_cookie_cb != NULL && + s->ctx->app_gen_cookie_cb(s, s->d1->cookie, + &(s->d1->cookie_len)) == 0) + { + SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); + return 0; + } + /* else the cookie is assumed to have + * been initialized by the application */ memcpy(p, s->d1->cookie, s->d1->cookie_len); p += s->d1->cookie_len; diff --git a/ssl/dtls1.h b/ssl/dtls1.h index c5b1b9cab5..fdf97052de 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -67,9 +67,7 @@ extern "C" { #endif -#define DTLS1_VERSION 0x0100 -#define DTLS1_VERSION_MAJOR 0x01 -#define DTLS1_VERSION_MINOR 0x00 +#define DTLS1_VERSION 0xFEFF #if 0 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cc01cb109f..d2f2688bd7 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
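Review bot: The change to `unsigned short version` in dtls1_get_record has no comment explaining it, and the reason is easy to lose. With DTLS1_VERSION now 0xFEFF, a signed 16-bit `short` would hold the wire value as a negative number and presumably never compare equal to `s->version`. A comment on the declaration would keep a later cleanup from reverting it, e.g. `unsigned short version; /* wire value may be 0xFEFF; must not sign-extend */`. The code that uses `version` lies outside this hunk, so confirm no other use still assumes a signed value.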
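Review bot: Removing `DTLS1_VERSION_MAJOR` and `DTLS1_VERSION_MINOR` from dtls1.h leaves no named constant for the DTLS major byte, so any check on the high byte of a received version has to hard-code 0xFE. If this header is installed for applications, code that used the old macros will also stop compiling. Consider keeping them with the new values, `#define DTLS1_VERSION_MAJOR 0xFE` and `#define DTLS1_VERSION_MINOR 0xFF`. A one-line comment above `DTLS1_VERSION` saying that DTLS version numbers decrease as the protocol version increases would warn readers off ordering comparisons against the TLS constants.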
@@ -774,7 +774,8 @@ int ssl3_get_client_hello(SSL *s) s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; - if (s->client_version < s->version) + if ((s->version == DTLS1_VERSION && s->client_version > s->version) || + (s->version != DTLS1_VERSION && s->client_version < s->version)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); if ((s->client_version>>8) == SSL3_VERSION_MAJOR) @@ -825,7 +826,7 @@ int ssl3_get_client_hello(SSL *s) p+=j; - if (SSL_version(s) == DTLS1_VERSION) + if (s->version == DTLS1_VERSION) { /* cookie stuff */ cookie_len = *(p++); @@ -1821,7 +1822,7 @@ int ssl3_get_client_key_exchange(SSL *s) rsa=pkey->pkey.rsa; } - /* TLS */ + /* TLS and [incidentally] DTLS{0xFEFF} */ if (s->version > SSL3_VERSION) { n2s(p,i); |
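Review bot: The DTLS arm of the new version check in ssl3_get_client_hello rejects only `s->client_version > s->version`, so with `s->version == 0xFEFF` every value from 0x0000 to 0xFEFF passes. That includes TLS-range values and the old 0x0100 encoding this commit retires. Testing the major byte as well would bound it: `(s->version == DTLS1_VERSION && ((s->client_version>>8) != 0xFE || s->client_version > s->version)) ||`. If peers that still send the pre-RFC value must be tolerated, that should be an explicit, commented case and not a side effect of the numeric comparison. The function continues outside this hunk, so any later validation of `client_version` is not visible here.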
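Review bot: The rewritten comment in ssl3_get_client_key_exchange admits that DTLS takes the `s->version > SSL3_VERSION` branch only because 0xFEFF is numerically larger than the SSLv3 constant. An ordering test across the TLS and DTLS number spaces is fragile, since a narrower or signed version field, or a later DTLS version constant, could change which side of the comparison DTLS lands on. Naming the case in the condition states the intent without changing behaviour: `if (s->version > SSL3_VERSION || s->version == DTLS1_VERSION)`.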